A pacemaker in an X-rayed chest: The life-saving device may be vulnerable to hackers. Thinkstock

October 18, 2012

ADVERTISEMENT

Sign Up for

Our free email newsletters

10 things you need to know today

Today's best articles

The week's best photojournalism

Today's top cartoons

Daily business briefing

The idea of a hacker breaking into your computer and ruining your reputation is terrifying enough. But the damage they could do to your body is potentially even worse. New research suggests that pacemakers could be accessed by hackers and used to send deadly shocks to their hosts. Here's what you should know:

Remind me again: What exactly does a pacemaker do?A pacemaker is an electrical device that helps control irregular heartbeats using electrical pulses. They are about the size of a pocket watch, and are placed under the skin near the heart.

And they are easily hacked? Well, not easily. But it's "100 percent possible," says Barnaby Jack, Director of Security Research for a security company called IO Active. At a recent conference, Jack used a laptop to hack into a remote pacemaker, and reverse-engineered it to send a series of deadly 830-volt shocks. Jack then took the demonstration one step further, accessing the device's model and serial number, as well as usernames and passwords for the manufacturer's development servers. Using this information, he says it would be very easy to load a virus that could spread between numerous pacemakers, giving a malevolent hacker the ability to commit mass murder.

Is this part of a larger problem? Yes. "The next frontier of computer hacking could be lifesaving devices," says Gregory Ferenstein at TechCrunch. Computers used in hospitals to monitor patients are reportedly rampant with computer viruses, with at least one U.S. hospital reportedly deleting viruses from its machines every week. Many of these computers run on outdated operating systems, Kevin Fu, a medical technology expert tells Technology Review. "I find this mind-boggling," Fu says. "There's little recourse for hospitals when a manufacturer refuses to allow OS updates."

What's to be done? First, take comfort in knowing "there have been no documented criminal attempts at infiltration," TechCrunch's Ferenstein says. Still, Fu says hospitals need to stop using insecure operating systems, and that "more hospitals and manufacturers need to speak up about the importance of medical-device security." As for the pacemakers, Jack has notified the manufacturer of the one he hacked and advised that they step up their security. “Sometimes you have to demonstrate the darker side" to enact reform, he tells SC Magazine.